[***] Summary: [***]
24 new PRO. SolarWinds Orion RCE via MSMQ, CVE-2021-24072, CopperStealer,
Various Phish.
Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback
[+++] Added rules: [+++]
2846980 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846981 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846982 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846983 - ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT)
(trojan.rules)
2846984 - ETPRO CURRENT_EVENTS Successful Canada Post Phish 2021-02-09
(current_events.rules)
2846985 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2021-02-09
(current_events.rules)
2846986 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 1) (trojan.rules)
2846987 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 2) (trojan.rules)
2846988 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 3) (trojan.rules)
2846989 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 4) (trojan.rules)
2846990 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 5) (trojan.rules)
2846991 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 6) (trojan.rules)
2846992 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 7) (trojan.rules)
2846993 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 8) (trojan.rules)
2846994 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 9) (trojan.rules)
2846995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 10) (trojan.rules)
2846996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-02-09 11) (trojan.rules)
2846997 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-02-09
(current_events.rules)
2846999 - ETPRO EXPLOIT Possible Inbound SharePoint RCE Check
(CVE-2021-24072) (flowbit set) (exploit.rules)
2847000 - ETPRO EXPLOIT Possible Successful Exploitation Response for
SharePoint RCE (CVE-2021-24072) (exploit.rules)
2847001 - ETPRO EXPLOIT Possible SolarWinds Orion RCE via MSMQ Inbound
(CVE-2021-25274) (exploit.rules)
2847002 - ETPRO TROJAN Win32/CopperStealer Installer Started
(trojan.rules)
2847003 - ETPRO TROJAN Win32/Remcos RAT Checkin 674 (trojan.rules)
2847005 - ETPRO CURRENT_EVENTS Successful DHL Phish 2021-02-09
(current_events.rules)
[///] Modified active rules: [///]
2846704 - ETPRO TROJAN Grandoreiro Payload Request (trojan.rules)